What this report is about

Result of the Customer Service portfolio agencies' financial statement audits for the year ended 30 June 2023.

What we found

Unmodified audit opinions were issued for all completed 30 June 2023 financial statements audits of Customer Service portfolio agencies. Two audits are ongoing.

What the key issues were

The total number of misstatements in the financial statements and findings reported to management decreased compared to the prior year.

For the first time since its establishment in 2015, GovConnect NSW received unqualified audit opinions for business process internal controls and information technology general controls managed by service providers.

The department controls Finance Co Trust (Fin Co), a special purpose trust created as part of its project to replace flammable cladding for eligible residential apartment buildings. Fin Co did not prepare financial statements which is a breach of the Government Sector Finance Act 2018 (GSF Act).

The department's land titling database was overstated by $42.5 million due to errors in the valuation model.

The New South Wales Government Telecommunications Authority corrected a prior period error of $10.2 million overstatement of property, plant and equipment.

A high-risk finding was reported to Service NSW regarding gaps in policies, systems and processes for administering and financial reporting on grant programs.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Customer Service portfolio of agencies’ financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Customer Service portfolio of agencies (the portfolio) for 2023.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Customer Service portfolio.

Appendix one – Misstatements in financial statements submitted for audit 

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

Effective radio communications are crucial to NSW's emergency services organisations.

The Critical Communications Enhancement Program (CCEP) aims to deliver an enhanced public safety radio network to serve the five emergency services organisations (ESOs), as well as a range of other users.

This report assesses whether the NSW Telco Authority is effectively managing the CCEP.

What we found

Where it has already been delivered (about 50% of the state), the enhanced network meets most of the requirements of ESOs.

The CCEP will provide additional infrastructure for public safety radio coverage in existing buildings agreed to with ESOs. However, radio coverage inside buildings constructed after the CCEP concludes will be at risk because building and fire regulations do not address the need for in-building public safety radio coverage.

Around 98% of radios connected to the network can be authenticated to protect against cloning, though only 42% are.

The NSW Telco Authority has not settled with ESOs on how call encryption will be used across the network. This creates the risk that radio interoperability between ESOs will not be maximised.

When completed, the public safety radio network will be the only mission critical radio network for ESOs. It is unclear whether governance for the ongoing running of the network will allow ESOs to participate in future network operational decisions.

The current estimated capital cost for the NSW Telco Authority to complete the CCEP is $1.293 billion. This is up from an estimated cost of $400 million in 2016. The estimated capital cost was not publicly disclosed until $1.325 billion was shown in the 2021–22 NSW Budget Papers.

We estimate that the full cost to government, including costs to the ESOs, of implementing the enhanced network is likely to exceed $2 billion.

We made recommendations about

• The governance of the enhanced Public Safety Network (PSN) to support agency relationships.
• The need to finalise a Traffic Mitigation Plan for when the network is congested.
• The need to provide advice to the NSW Government about the regulatory gap for ensuring adequate network reach in future buildings.
• The need to clarify how encryption and interoperability will work on the enhanced network.
• The need for the NSW Telco Authority to comply with its policy on Infrastructure Capacity Reservation.
• Expediting measures to protect against the risk of cloning by unauthenticated radios.

Public safety radio networks are critical for operational communications among Emergency Services Organisations (ESOs), which in New South Wales include:

• NSW Ambulance
• Fire and Rescue NSW
• NSW Police Force
• NSW Rural Fire Service
• NSW State Emergency Service.¹

Since 1993, these five ESOs have had access to a NSW Government owned and operated radio communications network, the Public Safety Network (PSN), to support their operational communications. Around 60 to 70 other entities also have access to this network, including other NSW government entities, Commonwealth government entities, local councils, community organisations, and utility companies.

Pursuant to the Government Telecommunications Act 2018 ('the Act'), the New South Wales Government Telecommunications Authority ('NSW Telco Authority') is responsible for the establishment, control, management, maintenance and operation of the PSN.²

Separate to the PSN, all ESOs and other government entities have historically maintained their own radio communication capabilities and networks. Accordingly, the PSN has been a supplementary source of operational radio communications for these entities.

These other radio networks maintained by ESOs and other entities are of varying size and capability, with many ageing and nearing their end-of-life. There was generally little or no interoperability between networks, infrastructure was often co-located and duplicative, and there were large gaps in geographic coverage.

In 2016, the NSW Telco Authority received dedicated NSW Government funding to commence the Critical Communications Enhancement Program (CCEP).

According to NSW Telco Authority's 2021–22 annual report, the CCEP is a transformation program for operational communications for NSW government agencies. The CCEP '…aims to deliver greater access to public safety standard radio communications for the State’s first responders and essential service agencies'. The objective of CCEP is to consolidate the large number of separate radio networks that are owned and operated by various NSW government entities and to enhance the state’s existing shared PSN. The program also aims to deliver increased PSN coverage throughout New South Wales.

The former NSW Government intended that as the enhanced PSN was progressively rolled-out across NSW, ESOs would migrate their radio communications to the enhanced network, before closing and decommissioning their own networks.

About this Audit

This audit assessed whether the CCEP is being effectively managed by the NSW Telco Authority to deliver an enhanced PSN that meets ESOs' requirements for operational communications.

We addressed the audit objective by answering the following two questions:

1. Have agreed ESO user requirements for the enhanced PSN been met under day-to-day and emergency operational conditions?
2. Has there been adequate transparency to the NSW Government and other stakeholders regarding whole-of-government costs related to the CCEP?

In answering the first question, we also considered how the agreed user requirements were determined. This included whether they were supported by evidence, whether they were sufficient to meet the intent of the CCEP (including in considering any role for new or alternative technologies), and whether they met any relevant technical standards and compliance obligations (including for cyber security resilience).

While other NSW government agencies and entities use the PSN, we focused on the experience of the five primary ESOs because these will be the largest users of the enhanced PSN.

Both the cost and time required to complete the CCEP roll-out have increased since 2016. While it was originally intended to be completed in 2020, this is now forecast to be 2027. Infrastructure NSW has previously assessed the reasons for the increases in time and cost. A summary of the findings made by Infrastructure NSW is presented in Chapter 1 of this report. Accordingly, as these matters had already been assessed, we did not re-examine them in this performance audit.

The auditee for this performance audit is the NSW Telco Authority, which is a statutory authority within the Department of Customer Service portfolio.

In addition to being responsible for the operation of the PSN, section 5 of the Act also prescribes that the NSW Telco Authority is:

• to identify, develop and deliver upgrades and enhancements to the government telecommunications network to improve operational communications for government sector agencies
• to develop policies, standards and guidelines for operational communications using telecommunications networks.

The NSW Telco Authority Advisory Board is established under section 10 of the Act. The role of the board is to advise the NSW Telco Authority and the minister on any matter relating to the telecommunications requirements of government sector agencies and on any other matter relating to the functions of the Authority. As of 2 June 2023, the responsible minister is the Minister for Customer Service and Digital Government.

The five identified ESOs are critical stakeholders of the CCEP and therefore they were consulted during this audit. However, the ESOs were not auditees for this performance audit.

The NSW Telco Authority established and tracked its own costs for the CCEP

Over the course of the program from 2016, the NSW Telco Authority prepared a series of business cases and program reviews that estimated its cost of implementing the program in full, including those shown in Exhibit 6 below.

In response to the 2016 CCEP business case, the then NSW Government approved the NSW Telco Authority implementing the CCEP in full, with funding provided in stages. The NSW Telco Authority tracked its costs against approved funding, with monthly reports provided to the multi-agency Program Steering Committee

Throughout the program, the NSW Government was informed of increasing costs being incurred by the NSW Telco Authority for the CCEP

The various business cases, program updates, and program reviews prepared by the NSW Telco Authority were provided to the NSW Government through the required Cabinet process when seeking approval for the program proceeding and requests for both capital and operational funding. These provided clear indication of the changing overall cost of the CCEP to the NSW Telco Authority, as well as the delays that were being experienced.

There was no transparency to the Parliament and community about changes in the capital cost of the CCEP until the 2021–22 NSW Budget

As the business cases for the CCEP were not publicly available, the only sources of information about capital cost were NSW Budget papers and media releases. The information provided in the annual Budget papers prior to the 2021–22 NSW Budget provided no visibility of the estimated full capital cost to complete all stages of the CCEP. As shown in Exhibit 7 below, this information was fragmented and complex.

Media releases about the progress of the CCEP did not provide the estimated total cost to the NSW Telco Authority of $1.325 billion to complete all stages of the CCEP until June 2021. Prior to this date, media releases only provided funding for the initial stages of the program or for the stages subject to a funding announcement.

Even during the September 2019 and March 2020 Parliamentary Estimate Committee hearings where the costings and delays to the CCEP were raised, the estimated full cost of the CCEP was not revealed.

The original business case for the CCEP included estimated ESO costs, though these costs were not tracked throughout the program

Estimates for ESO costs for operating and maintaining their own radio networks over the four years from 2016–17 were included in the original March 2016 business case. They included $75.2 million for capital expenditure and $95 million for one-off operating costs. These costs, as well as costs incurred by ESOs due to the delay in the program, were not subsequently tracked by the NSW Telco Authority.

In January 2017, Infrastructure NSW reviewed the CCEP business case of March 2016. In this review, Infrastructure NSW recommended that the NSW Telco Authority identify combined and apportioned costs and cashflow for all ESOs over the CCEP funding period reflecting all associated costs to deliver the CCEP. These to include additional incidental capital costs accruing to ESOs, transition and migration to the new network and the cost (capital and operational) of maintaining existing networks. This recommendation was implemented in the November 2017 program review, with ESO capital costs estimated as $183 million.

In 2019, Infrastructure NSW conducted a Deep Dive Review on the progress of the CCEP. In this review, Infrastructure NSW made what it described as a 'critical recommendation' that the NSW Telco Authority:

It should be noted that the delay to CCEP completion now is seven years and that further ‘operational bridging solutions’ have been needed by the ESOs.

'Stay Safe and Keep Operational' costs incurred by ESOs will be significantly higher than originally estimated

Stay Safe and Keep Operational (SSKO) funding was established to provide funding to ESOs to maintain their legacy networks while the CCEP was refreshing and enhancing the PSN. This recognised that much of the network infrastructure relied on by ESOs had reached – or was reaching – obsolescence and would either require extensive maintenance or replacement before the PSN was available for ESOs to migrate to it. ESOs may apply to NSW Treasury for SSKO funding, with their specific proposals being reviewed (and endorsed, where appropriate) by the NSW Telco Authority. Accordingly, SSKO expenditure does not fall within the CCEP budget allocation.

As shown in the table below, extracted from the March 2016 CCEP business case, the total expected cost for SSKO purposes over the course of the CCEP was originally $40 million, assuming the enhanced PSN would be fully available by 2020.

In October 2022, the expected completion date for the CCEP was re-baselined to August 2027. Accordingly, ESOs will be required to continue to maintain their radio networks using legacy equipment for seven years longer than the original 2020 forecast. This will likely become progressively more expensive and require additional SSKO funding. For example, NSW Telco Authority endorsed SSKO bids for 2022–23 exceeded $35 million for that year alone.

Compared to the original forecast made in the March 2016 CCEP business case of $40 million, we found ESOs had estimated SSKO spending to 2027 will be $292.5 million.

A refresh of paging network used by ESOs and the decommissioning of redundant sites were both removed from the original 2016 scope of the CCEP

Paging

A paging network is considered an important user requirement by the Fire and Rescue NSW, NSW Rural Fire Service, and NSW State Emergency Service. The 2016 CCEP business case included a paging network refresh within the program scope of works. This was reiterated in the November 2017 internal review of the program. These documents did not estimate a cost for this refresh. The March 2020 and October 2020 business cases excluded paging from the program scope. The audit is unable to identify when, why or by whom the decision was made to remove paging from the program scope, something that was also not well communicated to the affected ESOs.

In 2021, after representations from the affected ESOs, the NSW Telco Authority prepared a separate business case for a refresh of the paging network at an estimated capital cost of $60.31 million. This program was subsequently approved by the NSW Government and included in the 2022–23 NSW Budget.

In determining an estimated full whole-of-government cost of delivering the enhanced PSN, we have included the budgeted cost of the paging network refresh on the basis that:

• it was expressly included in the original approved March 2016 business case
• the capability is deemed essential to the needs of three ESOs.

Decommissioning costs

The 2016 CCEP business case included cost estimates for decommissioning surplus sites (whether ‘old’ GRN sites or sites belonging to ESOs’ own networks). These estimates were provided for both the NSW Telco Authority ($38 million) and for the ESOs ($55 million). However, while these estimates were described, they were not included as part of the NSW Telco Authority's estimated capital cost ($400 million) or (more relevantly) operating cost ($37.3 million) for the CCEP. This is despite decommissioning being included as one of eight planned activities for the rollout of the program.

In the October 2020 business case, an estimate of $201 million was included for decommissioning agency networks based on a model whereby:

• funding would be coordinated by the NSW Telco Authority
• scheduling and reporting through an inter-agency working group and
• where appropriate, agencies would be appointed as the most appropriate decommissioning party.

This estimated cost is not included in the CCEP budget.

In determining an estimated full whole-of-government cost of the enhanced PSN, we have included the estimated cost of decommissioning on the basis that:

• decommissioning was included in the 2016 CCEP business case as one of eight 'planned activities for the rollout of the program'
• effective decommissioning of surplus sites and equipment (including as described in the business case as incorporating asset decommissioning, asset re-use, and site make-good) is an inherent part of the program management for an enhanced PSN
• costs incurred in decommissioning are entirely a consequence of the CCEP program.

The estimated minimum cost of building an enhanced PSN consistent with the original proposal is over $2 billion

We have derived two estimated minimum whole-of-government costs for delivering an enhanced PSN. These are:

• $2.04 billion when calculated from NSW Telco Authority data – shown as estimate A in Exhibit 9 below.
• $2.26 billion when calculated from ESO supplied data – shown as estimate B in Exhibit 9.

Both totals include:

• budgeted amounts for both CCEP capital expenditure ($1,292.8 million) and operating expenditure ($139 million)
• the NSW Telco Authority's 2020 estimated cost for decommissioning ($201 million)
• the NSW Telco Authority's approved funding for paging refresh ($60.3 million).

The two estimated totals primarily vary around the capital expenditure of ESOs (particularly SSKO funding). To determine these costs, we used ESO provided actual SSKO costs to date, as well as their estimates for maintaining their legacy radio networks through to 2027.

The equivalent cost estimates from the NSW Telco Authority were sourced from the November 2017 internal review and the October 2020 business case for CCEP. It should be noted that the amounts for both estimates are not audited, or verified, but do provide an indication of how whole-of-government costs have grown over the course of the program.

The increase in and reasons for the increase in total CCEP costs (capital and one-off operating) incurred or forecast by the NSW Telco Authority (from $437.3 million in 2016 to $1,431.8 million in 2022) have been provided to the NSW Government through various business cases and reviews prepared by the NSW Telco Authority, as well as by reviews conducted by Infrastructure NSW as part of its project assurance responsibilities.

However, the growth in ESO costs and other consequential costs, such as paging and decommissioning, from around $263 million in the 2016 CCEP business case to between $600 million and $800 million, has to a large degree remained invisible and unexplained to the NSW Government and other stakeholders

Appendix one – Response from agency

Appendix two – Trunked public safety radio networks

Appendix three – About the audit

Appendix four – Performance auditing

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #383 - released 23 June 2023

What this report is about

This report draws together the financial impact of natural disasters on agencies integral to the response and impact of natural disasters during 2021–22.

What we found

Over the 2021–22 financial year $1.4 billion from a budget of $1.9 billion was spent by the NSW Government in response to natural disasters.

Total expenses were less than the budget due to underspend in the following areas:

• clean-up assistance, including council grants
• anticipated temporary accommodation support
• payments relating to the Northern Rivers Business Support scheme for small businesses.

Natural disaster events damaged council assets such as roads, bridges, waste collection centres and other facilities used to provide essential services. Additional staff, contractors and experts were engaged to restore and repair damaged assets and minimise disruption to service delivery.

At 30 June 2022, the estimated damage to council infrastructure assets totalled $349 million.

Over the first half of the 2022–23 financial year, councils experienced further damage to infrastructure assets due to natural disasters. NSW Government spending on natural disasters continued with a further $1.1 billion spent over this period.

Thirty-six councils did not identify climate change or natural disaster as a strategic risk despite 22 of these having at least one natural disaster during 2021–22.

What the report is about

Cyber Security NSW is part of the Department of Customer Service, and aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats.

This audit assessed the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency. The audit asked:

• Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives? 
• Are Cyber Security NSW's roles and responsibilities defined and understood across the public sector?

What we found

Cyber Security NSW has a clear purpose that is in line with wider government policy and objectives. However, it does not clearly and consistently communicate its key objectives, with too few reliable and meaningful ways of measuring progress toward those objectives.

Cyber Security NSW does not provide adequate assurance of the cyber security maturity self assessments performed by NSW Government agencies. Department heads are accountable for ensuring their agency's compliance with NSW government policy.

Cyber Security NSW has a remit to assist local government to improve cyber resilience. However, it cannot mandate action and does not have a strategic approach guiding its efforts.

What we recommended

By 30 June 2023 the Department of Customer Service should:

1. implement an approach that provides reasonable assurance that NSW government agencies are assessing and reporting their compliance with the NSW Government Cyber Security Policy in a manner that is consistent and accurate
2. ensure that Cyber Security NSW has a strategic plan that clearly demonstrates how the functions and services provided by Cyber Security NSW contribute to meeting its purpose and achieving NSW government outcomes
3. ensure that Cyber Security NSW has a detailed, complete and accessible catalogue of services available to agencies and councils
4. develop a comprehensive engagement strategy and plan for the local government sector, including councils, government bodies, and other relevant stakeholders. 

The NSW Cyber Security Strategy details a vision for ‘…NSW to become a world leader in cyber security, protecting, growing, and advancing our digital economy’. Cyber Security NSW, located within the Department of Customer Service, has lead responsibility for one of the four commitments in the strategy: to increase the NSW Government’s cyber resilience.

Cyber Security NSW ‘aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats’. It does not provide broader consumer-focused services.

In August 2020, the NSW Government approved a business case to enhance the funding and remit of Cyber Security NSW to include a broader range of services and functions. As a result, Cyber Security NSW is receiving $60 million in funding from 2020–21 to 2022–23, an increase from its previous funding of around $5 million per year (which had been sourced from contributions from each NSW Government department).

The objective of this performance audit was to assess the effectiveness of Cyber Security NSW’s arrangements in contributing to the NSW Government’s commitments under the NSW Cyber Security Strategy, in particular, to increase the NSW Government’s cyber resilience.

We assessed this objective through two lines of inquiry:

1. Are internal planning and governance processes in place to support Cyber Security NSW meet its objectives?
2. Are Cyber Security NSW roles and responsibilities defined and understood across the public sector?

The Audit Office of New South Wales has reported on the topic of cyber security previously. Most recently, the Internal Controls and Governance 2022 report included findings and recommendations relating to cyber security internal controls and governance at 25 of the largest agencies in the NSW public sector. While that report is multi-agency and sought to assess the level of cyber security attained in selected agencies, this current performance audit report focuses specifically on Cyber Security NSW and how well-equipped it is to meet its whole-of-government cyber security leadership and coordination roles.

Cyber security is an evolving landscape where the nature and scale of threats are increasing. The Australian Cyber Security Centre (ACSC), the Australian Government lead agency for cyber security, reported in its in 2020–21 annual report that it received over 67,500 cybercrime reports, equating to one report of a cyber attack every eight minutes, with no sector of the economy or type of government agency immune.

Citizens of NSW are increasingly accessing online government services in this context, providing different types of sensitive personal information. This reliance and transition to digital services has increased in recent times, particularly during the COVID-19 pandemic. The NSW Legislative Council’s Portfolio Committee (the Committee) noted in the March 2021 inquiry report into cyber security in NSW that ‘a failure to get cyber security right in New South Wales represents a significant risk to the State’s economy, business and community, and will affect public trust in government’.

The Committee noted that sound cyber security practices across NSW Government agencies, which Cyber Security NSW was established to drive, will enable the State and community to leverage opportunities from the digital world. Indeed, NSW aims to become a world leader in cyber security by protecting, growing and advancing the digital economy.

Establishment of Cyber Security NSW

Prior to the establishment of Cyber Security NSW, the Office of the Government Chief Information Security Officer was responsible for cyber security across the NSW government sector. This role was announced in March 2017 and was tasked with ‘identifying areas of high risk of attack, and working across NSW agencies to share intelligence, facilitate minimum security standards, and ultimately ensure that citizens can trust in the NSW Government’s delivery of digital transformation’. At the time of this appointment, the Minister for Customer Service and Digital Government stated that ‘cyber security and risk has emerged as one of the most high-profile, borderless and rapidly evolving risks facing government’.

The Office of the Government Chief Information Security Officer was renamed on 20 May 2019 to Cyber Security NSW. Governance updates at the time note that this was undertaken to ‘better reflect the leadership and coordination role required to uplift cyber security and decision-making across NSW Government’. The establishment of Cyber Security NSW was also partly in response to the Audit Office of New South Wales 2018 performance audit report on ‘Detecting and Responding to Cyber Security Incidents’. That audit found that there was no whole-of-government capability to detect and respond effectively to cyber security incidents. Cyber Security NSW is relatively new and is established as a branch within the Department of Customer Service (DCS).

The Office of the Government Chief Information Security Officer, and subsequently Cyber Security NSW, was initially funded through a levy imposed on clusters. Funding arrangements for Cyber Security NSW changed with the announcement in August 2020 of $240 million over three years for the stated purpose of bolstering the NSW Government’s cyber security capability and creating a world leading cyber industry. This funding included direct investment of $60 million from 2020–21 to 2022–23 for Cyber Security NSW to increase its capability and capacity, with the size of the team at the time expected to grow from 25 to 100 staff. In announcing this funding, the Minister for Customer Service and Digital Government stated that ‘…this is the biggest single cyber security investment in national history and will strengthen the government's capacity to detect and respond to the fast-moving cyber threat landscape’.

Cyber Security NSW is divided into two directorates, with one directorate having a focus on operations, and the other on policy and awareness. In turn, there are seven teams within the two directorates. As at March 2022, Cyber Security NSW had 76 ongoing positions filled, five contractors and 22 vacancies.

Cyber Security NSW states that its aim ‘…is to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats. By building a stronger cyber resilience across whole-of-government, Cyber Security NSW is able to support the economic growth prosperity and efficiency of NSW’.

NSW Government Cyber Security Strategy

The NSW Government Cyber Security Strategy was released in September 2018 to ‘…guide and inform the safe management of government’s growing cyber footprint’. The 2018 Cyber Security Strategy also set out an action plan with success criteria against each of the six themes of the NSW cyber security framework. Based on a framework from the US National Institute of Standards and Technology (NIST), these themes are:

• lead
• prepare
• prevent
• detect 
• respond 
• recover.

The Strategy was revised in 2021 and combined with the Cyber Security Industry Development Strategy. The aim of this current strategy is to ‘…outline the key strategic objectives, guiding principles, and high-level focus areas that the NSW Government will use to align existing and future programs of work’. The strategy includes four NSW Government commitments to:

• increase NSW Government cyber resiliency
• help NSW cyber security businesses grow
• enhance cyber security skills and workforce 
• support cyber security research and innovation.

Cyber Security NSW has responsibility as ‘lead agency’ on the first commitment. This role requires it to set commitment objectives and focus areas for the strategy and provide central leadership and coordination of programs and initiatives.

NSW Government Cyber Security Policy

The NSW Government’s Cyber Security Policy was released in February 2019, replacing the former Digital Information Security Policy. All NSW Government agencies must comply with the Cyber Security Policy, and it was recommended for adoption by State Owned Corporations (SOC), local councils, and universities.

The current version of the Cyber Security Policy sets out a range of mandatory requirements for agencies, including: 

• annual reporting of their self-assessed levels of maturity against all the mandatory requirements of the Policy and the Australian Cyber Security Centre’s ‘Essential Eight’ requirements 
• that agencies must provide a list of their ‘crown jewels’ and high and extreme risks to their cluster Chief Information Security Officer (CISO).

The Policy sets out that Cyber Security NSW:

• may assist agencies with their implementation of the Policy with an FAQ document and guidelines on several cyber security topics
• will summarise the maturity reports provided by agencies and provide the results to the relevant governance bodies including the Cyber Security Steering Group, Secretaries’ Board, relevant committees of Cabinet, Cyber Security Senior Officers’ Group, and the ICT and Digital Leadership Group, as well as use these reports to identify common themes and areas for improvement across NSW Government.

As discussed further in Chapter 3, a mandatory guideline issued by the Secretary of the Department of Customer Service in 2020 established that departments and agencies will be subject to audits by Cyber Security NSW. This is to test compliance with the Cyber Security Policy and report these outcomes to the Secretaries’ Board.

This chapter considers whether the Department of Customer Service has a strategic plan for Cyber Security NSW that includes a consistent hierarchy of priorities, which are then reflected in workplans, and inform decisions about specific functions and activities. It also considers whether:

• there was a sound, evidence-based rationale for why Cyber Security NSW was established
• the specific services and functions Cyber Security NSW provides are adequately targeted to agency and council needs
•  there is adequate performance assessment of how the services and functions performed by Cyber Security NSW contribute to uplifting cyber maturity and increasing cyber resilience.

This chapter considers the distribution of responsibility for cyber security in the NSW public sector, as well as whether the responsibilities and roles of Cyber Security NSW are clear and understood by agencies and councils. It also considers whether Cyber Security NSW has sufficient authority and mandate to fulfill its responsibilities for both NSW Government agencies and the local government sector.

Appendix one – Response from agency

Appendix two – About the audit

Appendix three – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #374 - released 8 February 2023

What the report is about

The Transport Asset Holding Entity (TAHE) is the State's custodian of rail assets. It is a state owned corporation and commenced operating on 1 July 2020.

This audit assessed the effectiveness of NSW Government agencies' design and implementation of TAHE. We audited TAHE, Transport for NSW (TfNSW) and NSW Treasury.

Separate and related audits on TAHE are reported in 'State Finances 2022', 'State Finances 2021' and 'Transport and Infrastructure 2022' reports.

What we found

The design and implementation of TAHE, which spanned seven years, was not effective.

The process was not cohesive or transparent. It delivered an outcome that is unnecessarily complex in order to support an accounting treatment to meet the NSW Government's short-term Budget objectives, while creating an obligation for future governments.

The benefits of TAHE were claimed in the 2015–16 NSW Budget before the enabling legislation was passed by Parliament in 2017. This committed the agencies to implement a solution that justified the 2015–16 Budget impacts, regardless of any challenges that arose.

Rail safety arrangements were a priority throughout TAHE's design and implementation, and risks were raised and addressed.

Agencies relied heavily on consultants on matters related to the creation of TAHE, but failed to effectively manage these engagements. Agencies failed to ensure that consultancies delivered independent advice as an input to decision-making. A small number of firms were used repeatedly to provide advice on the same topic. The final cost of TAHE-related consultancies was $22.6 million compared to the initial estimated cost of $12.9 million.

What we recommended

We recommended that the audited agencies should:

• improve accountability and transparency for major new fiscal transformation initiatives
• ensure entities do not reflect the financial impact of significant initiatives in the Budget when there is uncertainty, or it creates perverse incentives
• review record keeping practices, systems and policies to ensure compliance with the State Records Act 1998, and the NSW Government Information Classification, Labelling and Handling Guidelines
• review procurement policies to ensure that consultant use complies with all NSW Government policy requirements.

The NSW Government established the Transport Asset Holding Entity (TAHE), a statutory State Owned Corporation (SOC), on 1 July 2020 to replace the former rail infrastructure owner – RailCorp. It is the State's custodian of rail network assets, including rail tracks and other infrastructure, rolling stock, land, train stations and facilities, retail space, and signal and power systems, within metropolitan and regional New South Wales. It is responsible for $2.8 billion of major capital projects in 2022–23.

TAHE was established under Part 2 of the Transport Administration Act 1988 and is governed by a decision-making board. The Treasurer and the Minister for Finance and Employee Relations are the Shareholding Ministers of TAHE, and they annually agree performance expectations articulated in a Statement of Corporate Intent.

Whereas TAHE is the custodian of rail assets, Sydney Trains and NSW Trains operate public rail services. TAHE does not have responsibility for the operation of the heavy rail network or train services, nor does it have network control functions. TAHE, Sydney Trains and NSW Trains are in the Transport and Infrastructure cluster in the public sector (formerly the Transport cluster and renamed in April 2022), which also includes Sydney Metro and Transport for NSW (TfNSW).

TfNSW leads the Transport and Infrastructure cluster. Its role is to set the strategic direction for transport across the State. This involves the shaping of planning, policy, strategy, regulation, resource allocation and other service and non-service delivery functions for all modes of transport.

TAHE's Operating Licence is granted by the Portfolio Minister and authorises the entity to perform the functions required to acquire, develop, finance, divest and hold assets, pursuant to the Transport Administration Act 1988. The Portfolio Minister also issues a Statement of Expectations which outlines the government’s expectation for the business for the next three to five years.

TAHE's original Portfolio Minister was the Minister for Transport who approved, on 30 June 2020, the issuing of an interim 12-month Operating Licence to enable TAHE to commence operating on 1 July 2020. The Portfolio Minister then granted TAHE's current Operating Licence in 2021. After TAHE requested a 12-month extension to its current Operating Licence, its next Operating Licence is due on 1 July 2024. The current Portfolio Minister is the Minister for Infrastructure, Cities and Active Transport.

About this audit

This audit assessed the effectiveness of NSW Government agencies' design and implementation of TAHE. In making this assessment, we considered whether: 

• the process of designing and implementing TAHE was cohesive and transparent, and delivered an effective outcome
• agencies' roles and responsibilities were clear in the planning of TAHE
• agencies effectively identified and managed certain risks.

Appendix one – Responses from audited agencies, and Audit Office clarification of matters raised in the TAHE formal response 

Appendix two – Classification of government entities 

Appendix three – About the audit 

Appendix four – Performance auditing

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

Parliamentary reference - Report number #372 - released 24 January 2023

What the report is about

Results of the Treasury cluster agencies' financial statement audits for the year ended 30 June 2022.

The results of the audit of the NSW Government's consolidated Total State Sector Accounts (TSSA), which is prepared by NSW Treasury, are reported separately in our report on 'State Finances 2022'.

What we found

Unmodified audit opinions were issued on all 30 June 2022 general purpose financial statement audits.

Qualified audit opinions were issued on three of the 25 other engagements prepared by cluster agencies. These related to payments made from Special Deposit Accounts (SDA) that did not comply with the relevant legislation.

What the key issues were

Commercial agreements were signed between TAHE, the operators and Transport for NSW in June 2022, which reflected an expected rate of return of 2.5% on contributed equity. However, it remains critical that the government continue to provide sufficient funding to the operators so they can pay for access and use TAHE assets. These findings are reported in our report on 'State Finances 2022'.

Eight high-risk issues were raised in 2021–22, of which five relate to NSW Treasury.

A number of previously reported audit findings and recommendations with respect to icare continue to be ongoing issues. This includes the Workers Compensation Nominal Insurer continuing to hold less assets than the estimated present value of its future payment obligations, when measured in accordance with the accounting framework.

What we recommended

Our report on 'State Finances 2022' made several recommendations to improve NSW Treasury's processes.

In this report, we recommended icare should ensure:

• it has sufficient controls in place over claim payments, including an effective quality assurance program, to minimise claim payment errors
• that documentation to support PIAWE calculations is appropriately maintained, and that the minimum documentation requirements are set out in a policy.

This report provides Parliament and other users of the Treasury cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Treasury cluster (the cluster) for 2022.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Treasury cluster.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Appendix five – Acquittals and other opinions

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

Results of the 2021–22 consolidated General Government Sector (GGS) and Total State Sector (TSS) financial statements audits.

What we found

The Independent Auditor’s Report on the 2021–22 GGS and TSS financial statements was modified with a limitation of scope and also contained an emphasis of matter.

The opinion in the TSS Independent Auditor’s Report was modified with a limitation of scope on certain balances consolidated in the TSS financial statements because the Catholic Metropolitan Cemeteries Trust (CMCT) denied access to its management, books and records for the purpose of conducting a financial audit.

The Independent Auditor’s Report also includes an emphasis of matter drawing attention to the significant uncertainties associated with the GGS’s equity investment in Transport Asset Holding Entity (TAHE). The significant uncertainty relates to key assumptions and estimates used to forecast a 2.5% return from GGS investments into TAHE that supports the accounting treatment as an equity injection, including:

• funding to support the Rail Operators to pay TAHE’s contracted and forecast access and licence fees up until 2045–46. The Rail Operators are dependent on funding from the GGS to pay access and licence fees. Forecast modelling notes a requirement of a further $10.2 billion in budget funding to pay TAHE to the end of the ten-year contract period in 2030–31, in addition to the $5.5 billion allocated in the forward estimates and up to $50.8 billion for the period 2032 to 2046
• a significant portion of the projected returns are earnt outside of the ten-year contract period and there is a risk that TAHE may not be able to recontract fees at levels consistent with current projections.

What we recommended

The report includes a number of recommendations including:

• continued monitoring that TAHE controls the reported assets ensuring the CMCT, Category 2 Statutory Land Managers (SLM) and Commons Trusts meet their statutory reporting obligations
• ensuring accounting and audit position papers are sufficiently consulted with key stakeholders and are concluded on a timely basis
• ensuring agencies support the timely conclusion of audits by bringing to the auditors' attention key Cabinet records and identifying references relating to accounting issues impacting the financial statements
• for Special Deposit Accounts (SDA) responsible managers should ensure amounts appropriated under any Act or law for payment into the account are appropriately recorded, ensuring payments from SDAs are allowable and made in accordance with Treasurer's delegations and standing authorisation.

Image

Pursuant to section 52A of the Government Sector Audit Act 1983 I am pleased to present my Auditor-General’s Report on State Finances 2022.

Once again this year has presented considerable challenges for the state sector and my Office as we collectively grapple with uncertainties related to COVID-19 and the disruption of emergency events impacting New South Wales. In addition, there were many recommendations arising from last year’s audit to be addressed.

While there is more to do to ensure good financial stewardship of the State, resolution of matters was helped by constructive engagement with the NSW Treasury at the most senior levels. Personally I wish to thank the Treasurer and Secretary for their commitment to instilling integrity in financial management systems and processes. The support Treasury provided for recent amendments to the Government Sector Audit Act 1983 to provide ‘follow the dollar’ powers and other changes recommended by the Public Accounts Committee quadrennial review of my Office is also acknowledged.

Finally I want to thank the teams that contributed to this year’s audit of the Total State Accounts for their diligence, professionalism and commitment. I am very proud of your work.

Margaret Crawford

Auditor-General for New South Wales

The Independent Auditor's Report was qualified and also included an emphasis of matter

The audit opinion on the State's 2021–22 financial statements was modified. The delayed signing of the NSW Total State Sector Accounts (TSSA) by NSW Treasury was in order to resolve significant accounting issues that were material to the TSSA. The key areas requiring significant audit effort included reviewing the State's accounting for TCorp Investment Management (IM) Funds and responding to the risks related to the Catholic Metropolitan Cemeteries Trust (CMCT) denying access to its management and books and records, which is detailed in this Report.

NSW Treasury aimed to sign the TSSA by 19 October 2022. This was delayed by nearly six weeks and the TSSA audit opinion was subsequently signed on the statutory deadline imposed on the Treasurer for tabling of the TSSA in the Legislative Assembly of 30 November 2022.

The Independent Auditor’s Report was modified due to a limitation of scope on the balances consolidated in the TSSA relating to the CMCT

The opinion in the Independent Auditor’s Report was modified with a limitation of scope due to the inability to access management, books and records of a controlled entity, the CMCT.

This year, NSW Treasury, after reconsidering all facts and the perspectives of the CMCT, reconfirmed that the CMCT is a controlled entity of the State for financial reporting purposes. This means CMCT is a GSF agency under the provisions of the Government Sector Finance Act 2018 (GSF Act). As such NSW Treasury is required by Australian Accounting Standards to consolidate the CMCT into the Total State Sector Accounts (TSSA). The value of assets and liabilities of CMCT consolidated into the TSSA is $310.3 million and $15.1 million, respectively, and the loss of CMCT consolidated into the TSSA for the year is $2.4 million.

To date, CMCT has not met its statutory obligations to prepare financial statements under the GSF Act and give them to the Auditor-General. CMCT has not submitted its financial statements to the Auditor-General for audit as required despite repeated requests and has not provided access to its books and records for the purposes of a financial audit. The Secretary of the Department of Planning and Environment wrote to CMCT to request it work with, and offer full assistance to, the Auditor-General in the exercise of her duties.

NSW Treasury has met with and considered CMCT's perspectives. NSW Treasury’s position remains that CMCT is a controlled entity of the State for financial reporting purposes. Consequently, CMCT has not met its statutory obligations as a controlled entity to submit its financial statements for audit and provide access to its books and records. Therefore, the Audit Office was unable to obtain sufficient appropriate audit evidence about the carrying amount of assets and liabilities consolidated into the Total State Sector Accounts as at 30 June 2022 and of the amount of income and expenses for the year then ended. Accordingly a modified audit opinion was issued on the NSW Government's 2021–22 consolidated financial statements.

Section 3 of this report titled 'Limitation of Scope relating to CMCT' discusses this matter in further detail.

An emphasis of matter drawing attention to uncertainty relating to the General Government Sector's investment in the Transport Asset Holding Entity (TAHE) remains

The Independent Auditor’s Report also includes an emphasis of matter, drawing attention to the significant uncertainties associated with the General Government Sector's (GGS) equity investment in TAHE. The significant uncertainty relates to key assumptions used to forecast returns from investments into TAHE in order to support the recognition of the government's funding of TAHE as an equity injection.

At the time of signing the Independent Auditor's Report, there was significant uncertainty with regards to assumptions and estimates used to forecast a return from the GGS investment into TAHE, which supports the recognition of an equity injection. There is significant uncertainty relating to:

• the 2022–23 Budget committed $5.5 billion to fund TAHE's key customers, Sydney Trains and NSW Trains (the operators), to support their payment of access and licence fees agreed on 23 June 2022. However, this funding only extends out to the end of the forward estimates period in 2025–26, which falls short of the ten-year contractual periods to 2030–31 and the projected period to 2045–46 to achieve a 2.5% return from the government's equity investment. The government will need to fund the operators an additional $10.2 billion in Budget funding so that they can meet their contractual obligations to TAHE from 2026–27 to 2030–31, and a further projected funding of $50.8 billion from 2031 to 2046. This additional funding is not within the government's published Budget figures, leading to uncertainty on whether the government-funded operators can pay access and licence fees beyond the forward estimates period of 2025–26
• a significant portion of the projected returns are earnt outside the ten-year contract period (terminating 30 June 2031) and there is a risk that TAHE will not be able to recontract for access and licence fees at a level that is consistent with current projections. There is also a risk that funding for TAHE's key customers will not be sufficient to fund payment of access and licence fees at a level that is consistent with current projections.

The 'State Finances 2021' report made recommendations regarding the significant accounting issues relating to TAHE. The State's response to these recommendations are detailed in Section 4 of this report titled ‘Investment in the Transport Asset Holding Entity’. Other significant matters related to the TSSA audit are covered in Section 8 titled ‘Key audit findings’.

Other financial reporting matters

All government agencies were granted an extra week to submit financial statements for audit

A one-week extension provided agencies across the sector with additional time to resolve key accounting issues and submit financial statements for audit by 1 August 2022.

Further extensions were approved for the following seven agencies (ten in 2020–21):

• State Insurance Regulatory Authority (3 August 2022)
• Dams Safety NSW (8 August 2022)
• Jenolan Caves Reserve Trust (8 August 2022)
• Transport for NSW (8 August 2022)
• Department of Enterprise, Investment and Trade (22 August 2022)
• Transport Asset Holding Entity (22 August 2022)
• Department of Transport (26 August 2022).

Additional extensions provided agencies with more time to complete:

• asset valuations
• valuations of actuarially assessed liabilities.

An initial draft of the TSSA was provided to audit on 15 September 2022. This version was incomplete and excluded the impact of consolidating the State's TCorp IM funds under the correct Australian Accounting Standards. An additional three versions of the draft TSSA were provided to audit progressively to update the TCorp IM fund consolidated balances. The final complete version of the TSSA was submitted on 27 October 2022 which included all adjustments relating to the TCorp IM fund consolidation. Refer to section 8.1 for more details on the material restatements relating to the consolidation of the TCorp IM funds.

In 2021–22, agency financial statements presented for audit contained 20 errors exceeding $20 million (24 in 2020–21). The total value of these errors was $973 million, a decrease from the previous year ($6.6 billion in 2020–21).

The graph below shows the number of reported errors exceeding $20 million over the past five years in agencies’ financial statements presented for audit.

The errors resulted from:

• incorrect application of Australian Accounting Standards and NSW Treasury policies
• incorrect judgements and assumptions when valuing non-current physical assets and liabilities.

NSW Treasury concluded CMCT is a controlled entity of the State

In response to our recommendation in the ‘State Finances 2021’ report, NSW Treasury reconfirmed that the Catholic Metropolitan Cemeteries Trust (CMCT) is a controlled entity of the State. The Audit Office accepted the position of NSW Treasury.

The reaffirmation of this position means CMCT is a GSF agency under the provisions of the Government Sector Finance Act 2018 (GSF Act). Section 7.6 of the GSF Act places an obligation on CMCT to prepare financial statements and give them to the Auditor-General. Further, section 34 of the Government Sector Audit Act 1983 (the GSA Act) requires the Auditor-General to furnish an audit report on these financial statements.

To date, CMCT has not met its statutory obligations to prepare financial statements under the GSF Act and give them to the Auditor-General. CMCT has not submitted their financial statements to the Auditor-General for audit despite repeated requests and has not provided access to its books and records for the purposes of a financial audit. There was extensive correspondence between the Audit Office of NSW, CMCT, NSW Treasury and the Department of Planning and Environment in 2022 regarding this matter.

In addition, on 10 December 2021, the then Minister for Water, Property and Housing wrote to the Auditor-General requesting a financial and performance audit be performed pursuant to section 27B(3)(c) of the GSA Act. The audit would cover the financial affairs of CMCT, including whether funds have been used for the proper purpose. The Audit Office of New South Wales has written to CMCT on a number of occasions to request the provision of documentation and access to management in order to conduct the performance audit. CMCT has not provided the Audit Office of New South Wales access to its management, books and records for the purpose of the required performance audit.

NSW Treasury has met with and considered CMCT's perspectives. NSW Treasury’s position remains that CMCT is a controlled entity of the State for financial reporting purposes. Consequently, CMCT did not meet its statutory obligations as a controlled entity to submit its financial statements for audit and provide access to its books and records.

The TSSA audit opinion included a limitation of scope

The opinion in the TSSA Independent Auditor’s Report was modified with a limitation of scope due to an inability to access management and the books and records of CMCT. This limitation was appropriately disclosed in Note 1 'Statement of Significant Accounting Policies' of the TSSA. The Statement of Compliance signed by the Secretary of Treasury and the Treasurer on 29 November 2022 was also updated to acknowledge the disclosure in Note 1 regarding CMCT.

The Audit Office was unable to obtain sufficient appropriate audit evidence about the carrying amount of assets and liabilities consolidated into the Total State Sector Accounts as at 30 June 2022 and of the amount of income and expenses for the year then ended. Accordingly a modified audit opinion was issued on the NSW Government's 2021–22 consolidated financial statements.

The process of information sharing by NSW Treasury continues to require improvement

In last year’s ‘State Finances 2021’ report an extreme risk management letter finding was reported for NSW Treasury to ensure it significantly improve its processes so that all relevant information is identified and shared with the Audit Office to support material transactions and balances of the State.

A number of events reconfirmed that NSW Treasury needs to continue improving its process with respect to information sharing with the Audit Office. Notably, NSW Treasury’s finance team had not demonstrated that all available information (on their systems) was considered by them when assessing the State’s control over CMCT.

Critical information relating to CMCT was in the possession of NSW Treasury since late October 2021 but not considered when reconfirming their accounting position on the State's control of CMCT this year. A further reconfirmation of the State's control over CMCT was needed by NSW Treasury to ensure this information was considered in their accounting assessment.

The above demonstrates that more effective consultation is required by NSW Treasury with key stakeholders to ensure all information relevant to forming an accounting position relating to the TSSA is captured. This will ensure new information is not identified late in the audit process and NSW Treasury considers all information when concluding on the accounting position of the State.

Last year's report highlighted that NSW Government actions avoided a qualified opinion in 2020–21 relating to the General Government Sector's $2.4 billion cash contribution to Transport Asset Holding Entity (TAHE). These actions included the NSW Government agreeing to provide additional future funding to TAHE's key government customers Sydney Trains and NSW Trains (the operators) to support increases in access and licence fees to be paid to TAHE.

The additional funding by the government was necessary to demonstrate that a reasonable expectation of a sufficient rate of return would be earned on its equity invested in TAHE. Last year, there was no government policy on what the minimum return should be on investments in other public sector entities, so the long-term inflation rate was used as a benchmark. A recommendation was made in last year's State Finances report that NSW Treasury establish a policy on the minimum expected return from its investments.

On 6 September 2022, NSW Treasury finalised its policy relating to the government’s returns on equity investments. The application of this policy is limited to State Owned Corporations and similar to the Commonwealth framework for commercial businesses, which requires the expected return be at least equal to the long-term inflation rate.

The government's commitment to additional funding was conveyed last year through revised shareholder expectations being published in the 2021–22 'NSW Budget-Half yearly Review' on 16 December 2021, increasing the expected returns on equity from 1.5% to the expected long-term inflation rate of 2.5%. On 18 December 2021, Transport for NSW (TfNSW) and the operators entered into a Heads of Agreement (HoA). This formed the basis of negotiations to revise the pricing within the existing ten-year contracts and deliver upon the shareholders’ expected return of 2.5% on contributed equity to be earned over the estimated weighted average remaining useful lives of TAHE's assets.

Further information on last year's audit of the government’s investment in TAHE can be found in our 'State Finances 2021' report.

Ten-year commercial agreements were signed between TAHE, operators and TfNSW

Last year's State Finances report recommended that NSW Treasury facilitate revised commercial agreements to reflect the access and licence fees detailed in the HoA. As these agreements were not executed by 30 June 2021, last year's audit opinion of the Total State Sector Accounts (TSSA) included an Emphasis of Matter drawing attention to the uncertainty that existed at balance date as these agreements were not finalised.

On 23 June 2022, commercial agreements were signed between TAHE, the operators and Transport for NSW through a deed of variation. The revised access and licence fees for the ten-year period 2021–22 to 2030–31 was $16.6 billion, which is $520 million less than the HoA fees of $17.1 billion.

TAHE's main customers principally rely on government funding to pay access and licence fees

Whilst TAHE has agreed ten-year access and licence fees of $16.6 billion with its two main customers Sydney Trains and NSW Trains, these two operators significantly rely on government funding when making these payments to TAHE. At 30 June 2022, TAHE's expected return of 2.5% is contingent upon the GGS funding the operators to support their payment of access and licence fees that have been agreed with TAHE for the ten-year contracted period and for non-contracted periods from 2031–32 to 2045–46.

The 2022–23 NSW Budget has allocated $5.5 billion to fund the operators, to support their payment of access and licence fees. However, this funding extends to the end of the forward estimates period in 2025–26, which falls short of the ten-year contractual period to 2030–2031 and the projected period to 2045–46 to achieve the 2.5% return.

The government will need to fund the operators an additional $10.2 billion in budget funding to meet their contractual obligations to TAHE from 2026–27 to 2030–2031, and a further projected funding of $50.8 billion from 2032 to 2046. This is needed to ensure the government continues to demonstrate its expected return on investment of 2.5%. This additional funding is not within the government's published 2022–23 NSW Budget figures, leading to uncertainty on whether the government funded operators can pay access and licence fees beyond the forward estimate period of 2025–26.

Significant funding uncertainties remain

While the ten-year access and licence fee agreements were communicated to the NSW Government's Expenditure Review Committee, it is yet to be fully provided for in the government's budget figures. As TAHE's projections are highly dependent on the operators as its key customers, it remains critical that the government continue to provide sufficient funding to the operators so they can pay for access and use of TAHE assets. This means the significant funding uncertainties reported in last year's TSSA audit opinion remain for 2021–22.

The government has estimated $37.9 billion in returns (equivalent to 2.5% on contributed equity) is to be earned from its investment in TAHE over the period from 1 July 2022 to 30 June 2046. As previously reported, TAHE derives most of its revenue from access and licence fee agreements from the operators, who in turn are both funded by grants through TfNSW from the GGS. More than 95% of these returns are estimated to be earned outside of the ten-year contract period (terminating 30 June 2031).

There remains risk that:

• TAHE will not be able to recontract for access and licence fees at a level that is consistent with current projections
• future governments' funding to TAHE's key customers will not be sufficient to fund payment of access and licence fees at a level that is consistent with current projections
• TAHE will be unable to grow its non-government revenues.

This significant funding uncertainty was also reported in last year's TSSA audit opinion and will remain for 2021–22.

In 2021–22, TAHE and NSW Treasury prepared further modelling to support the Government's intent to earn a 2.5% return inclusive of recovering the holding (revaluation) loss of $20.3 billion on its investment in TAHE

Last year's State Finances report highlighted that NSW Treasury, with TAHE, should prepare robust projections and business plans to support the expected returns forecast beyond FY2031.

This year TAHE engaged an expert to help develop a model demonstrating the government's expected returns from its investment in TAHE. The model mathematically forecasts that returns of 2.5% will be achieved by 2046 and this will include recovery of the revaluation losses of $20.3 billion relating to 2020–21.

The current model includes some key assumptions:

• The main source of revenue is the access and licence fees expected from the two public rail operators (Sydney Trains and NSW Trains) contributing to more than 80% of TAHE's projected revenue. The rail operators are largely funded by the government when paying access and licence fees to TAHE.
• For the first ten years, the access and licence fees are based on the signed agreements between TAHE and the public rail operators.
• Beyond the ten-year contracted period, the model assumes existing contractual terms for access and licence fees will continue unchanged allowing for an annual rise for inflation (2.5% per annum), and increased fees to enable a 7.62% return for renewed assets.
• The capital expenditure included in the model is only the amounts approved by the Expenditure Review Committee (ERC) as part of the ten-year forecast. The model beyond ten years includes expected investment in renewed and replacement assets but excludes any forecasts relating to growth capex that is not approved by the ERC, and any related depreciation expenses for growth capex.

While management has developed a 35-year long term financial model to support the returns, we note this will need to be refined over the next few years. Furthermore, these are forecasted figures and we have not seen sufficient evidence of whether this reflects reality (that is, the achievement of dividends representing a return on equity) as it is still very early. Therefore, this will remain a high-risk matter until we have seen sufficient evidence of reality to the forecasted figures.

There is negative net impact on the budget after 2024–25 and this will grow in the future

There are some key points to highlight with this modelling and these are best conveyed with the graph below. This graph shows total cash injections made by the GGS since the government first announced the creation of TAHE as a for-profit entity in the 2015–16 NSW Budget. It also conveys the forecast returns from TAHE to the GGS and the level of funding operators will need from the GGS to pay TAHE's access and licence fees over the 30-year period. These cash flows are key inputs used in the modelling which calculates a 2.5% return from TAHE inclusive of recovering the holding (revaluation) loss of $20.3 billion.

The government continues to respond to the impact of the COVID-19 pandemic on New South Wales through its economic stimulus measures

The COVID-19 pandemic continued to significantly impact the State’s finances, reducing revenue and increasing expenses especially in sectors directly responsible for responding to the COVID-19 pandemic, such as Health. In October 2021, the government announced through the 'COVID-19 Economic Recovery Strategy' an additional $2.8 billion in economic stimulus and response measures following the conclusion of the three-month lockdown due to the Delta COVID-19 outbreak. Measures included:

• $739 million in household and social support, including housing support for Aboriginal communities and survivors of domestic violence, and vouchers to thank parents for their efforts to support learning from home
• $500 million to consumers and businesses including expansion of the 'Dine & Discover' and 'Stay & Rediscover' voucher programs
• $495 million in education support addressing learning gaps for children and helping schools prepare for future learning disruptions
• $487 million in combined funding for tourism, events, sports, and recreation throughout New South Wales
• $130 million to fund mental health services for individuals whose mental health was impacted by the pandemic.

The 2021–22 financial year included $21.9 billion for pandemic response and economic stimulus measures. Of this, $17.9 billion was spent in 2021–22 while a further $1 billion of the budgeted amount from 2021–22 was carried forward into 2022–23. The graph below shows the total allocation and spend by cluster for 2022 compared to target spend.

There were 14 natural disaster declarations including four severe weather events in 2021–22

Natural disasters such as bushfires, storms, floods, and other adverse weather events can have a significant impact on the State's finances. Costs associated with natural disasters include direct response costs such as clean-up and recovery, temporary accommodation, and as well as financial assistance provided to impacted communities such as recovery and business support grants.

The NSW Government can make a natural disaster declaration allowing eligible individuals and communities from impacted Local Government Areas access to a range of special financial assistance measures.

In 2021–22, there were 14 natural disaster declarations announced comparable to 14 in the previous year. These natural disaster declarations largely related to storms and floods throughout the State. In 2021–22, there was a larger number of 'severe weather' events declared, with four in 2021–22 (nil in 2020–21).

Natural disaster expenses increased 143% to $1.4 billion in 2021–22, up from $569 million last year

Over 2021–22, the budgeted cost for declared natural disasters was $1.9 billion ($725 million in 2020–21). Actual expenditure by the State on disaster response increased by $815 million to $1.4 billion. The graph below shows the total allocation and spend by cluster for 2022 compared to their budget spend.

Deficit of $15.3 billion compared with a budgeted deficit of $8.6 billion

The outcomes of the government’s overall activity and policies are reflected in its net operating balance (budget result). This is the difference between the cost of general government service delivery and the revenue earned to fund these sectors.

The General Government Sector, which comprises 196 entities, generally provides goods and services funded centrally by the State.

In addition to the 196 entities within the General Government Sector, a further 85 government controlled businesses are included within the consolidated Total State Sector financial statements. These businesses generally provide goods and services, such as water, electricity and financial services for which consumers pay for directly, and form part of the PNFC (31) and PFC (54) sectors.

The budget result for the 2021–22 financial year was a deficit of $15.3 billion compared to an original forecast of a budget deficit of $8.6 billion.

Revenues increased $16.1 billion to $106.7 billion

The State’s total revenues increased $16.1 billion to $106.7 billion, an increase of 17.8% compared to the previous year. Total revenue growth in 2020–21 was 5.1%. The State's increase in revenue was mostly from $9.2 billion in grants and subsidies and $4.6 billion in taxation.

Taxation revenue increased by 13.3%

Taxation revenue increased by $4.6 billion, mainly due to the net of:

• $4.9 billion higher stamp duties collected from property sales driven by growth in property transaction volumes and prices during 2021–22. This was growth was experienced across residential and commercial property markets
• $296 million lower gambling and betting taxes compared to 2020–21. Decrease was primarily attributed to the ongoing effects of COVID-19 restrictions and venue closures within the first half of 2021–22.

Stamp duties of $16.6 billion remains the largest source of taxation revenue, $7.7 billion higher than payroll tax of $8.9 billion, the second-largest source of taxation revenue.

Assets grew by $53 billion to $571 billion

The State’s assets include physical assets such as land, buildings and infrastructure, and financial assets such as cash, and other financial instruments and equity investments. The value of total assets increased by $53.2 billion or 10.3% to $571 billion. The increase was largely due to increases in the carrying value of land, buildings and infrastructure systems.

Valuing the State’s physical assets

State’s physical assets valued at $437 billion

The value of the State’s physical assets increased by $46.8 billion to $437 billion in 2021–22 ($724 million increase in 2020–21). The State’s physical assets include land and buildings ($198 billion), infrastructure systems ($221 billion), and plant and equipment ($18 billion).

The movement in physical asset values between years includes additions, disposals, depreciation and valuation adjustments. Other movements include assets reclassified to held for sale and other opening balance adjustments.

Appendix one – Prescribed entities

Appendix two – Legal opinions

Appendix three – TSS sectors and entities

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

Result of the Transport and Infrastructure cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for all Transport and Infrastructure cluster agencies' financial statements.

An 'other matter' paragraph was included in TAHE's Independent Auditor's Report for its 30 June 2022 financial statements which draws attention to Transport and Asset Holding Entity's (TAHE) reliance on government-funded customers.

We included an ‘emphasis of matter’ paragraph in the Independent Auditor’s Report for State Transit Authority of New South Wales’ (the authority) 30 June 2022 financial statements, which draws attention to the financial statements being prepared on a liquidation basis as the authority’s principal activities ceased operations on 3 April 2022.

What the key issues were

The 2021–22 audits identified five high-risk findings:

• detailed business modelling to support returns from TAHE
• valuation of assets at TAHE
• control of assets at TAHE
• accounting and valuation of tree assets at Centennial Park and Moore Park Trust and Parramatta Park Trust.

Access and licence fees - TAHE

Revised commercial agreements were signed between TAHE, the operators and Transport for NSW on 23 June 2022 to reflect increased access and licence fees detailed in the 18 December 2021 Heads of Agreement.

TAHE’s ability to generate the expected return of 2.5% based on the current modelling is heavily reliant on the government funding the public rail operators (TAHE's customers).

There are risks that:

• TAHE will not be able to recontract for access and licence fees at a level that is consistent with current projections
• future governments' funding to TAHE's key customers will not be sufficient to fund payment of access and licence fees at a level that is consistent with current projections
• TAHE will be unable to grow its non-government revenues.

Valuation of assets - TAHE

Although TAHE's selected valuation of assets falls within an acceptable range, there remains a significant gap between what has been assessed as an acceptable range and TAHE's range.

What we recommended

Control of assets - TAHE

While we accepted TAHE’s position on control for the current year, NSW Treasury and TAHE should continue to monitor the risk that control of TAHE assets could change in future reporting periods. TAHE must continue to demonstrate control of its assets or the current accounting presentation would need to be reconsidered.

This report provides Parliament and other users of the Transport and Infrastructure cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Transport and Infrastructure cluster (the cluster) for 2022.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the cluster.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

Result of the Enterprise, Investment and Trade cluster agencies' financial statement audits for the year ended 30 June 2022.

What we found

The Machinery of Government changes within the Enterprise, Investment and Trade cluster resulted in the creation of the Department of Enterprise, Investment and Trade and the transfer of $1.0 billion of net assets into the new department.

Unmodified audit opinions were issued for all completed cluster agencies' 2021–22 financial statements audits. Two audits are ongoing.

An 'Other Matter' paragraph was included in the audit opinion for the Jobs for NSW Fund's 30 June 2021 financial report to reflect the non-compliance with the Jobs for NSW Act 2015 (the Act) and Government Sector Finance Act 2018. The Act requires the board to consist of seven members that include the Secretary of the Treasury, the Secretary of the Department of Premier and Cabinet, and five ministerial appointments. The board has consisted of two secretaries since 24 May 2019 when the independent members resigned. The remaining five members have not been appointed by the ministers as required by section 5(2) of the Act.

Three cluster agencies accepted changes to their office leasing arrangements managed by Property NSW. This has resulted in the collective derecognition of $24.8 million of right-of-use assets and $26.7 million in lease liabilities, and recognition of $1.9 million of other gains.

What the key issues were

The number of issues we reported to management decreased from 108 in 2020–21 to 103 in 2021–22. Thirty per cent of issues were repeated from the prior year.

Six high-risk issues were identified across the cluster related to the quality and timeliness of financial reporting, governance processes and internal controls.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Enterprise, Investment and Trade cluster's financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Enterprise, Investment and Trade cluster (the cluster) for 2022.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Enterprise, Investment and Trade cluster.

Appendix one – Misstatements in financial statements submitted for audit 

Appendix two – Early close procedures 

Appendix three – Timeliness of financial reporting 

Appendix four – Financial data 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.

What the report is about

Result of the Planning and Environment cluster agencies' financial statements audits for the year ended 30 June 2022.

What we found

Unmodified audit opinions were issued for all completed 30 June 2022 financial statements audits of cluster agencies. Seven audits are ongoing.

Disclaimed audit opinions were issued for the 2010–11 to 2015–16 financial statements of the Water Administration Ministerial Corporation (WAMC), as management was unable to certify that the financial statements exhibit a true and fair view of WAMC's financial position and financial performance.

Qualified audit opinions were issued for WAMC's 2016–17 and 2017–18 financial statements due to insufficient evidence to support the completeness and valuation of water meters infrastructure assets, the impairment of water meters, and the completeness of buildings at Nimmie Caira.

Unqualified audit opinions were issued for WAMC's 2018–19 and 2019–20 financial statements.

The Department of Planning and Environment (the department) assessed 45 Category 2 Statutory Land Managers (SLM) did not meet the reporting exemption criteria and therefore were required to prepare 2021–22 financial statements. None of these 45 Category 2 SLMs prepared and submitted their 30 June 2022 financial statements by the statutory reporting deadline.

All 119 Commons Trusts have never submitted their financial statements for audit as required by the Government Sector Finance Act 2018 (GSF Act).

NSW Treasury has confirmed that the Catholic Metropolitan Cemeteries Trust (CMCT) is a controlled entity of the State. To date, CMCT has not met its obligations to prepare financial statements under the GSF Act and it has not submitted financial statements to the Auditor-General for audit.

What the key issues were

Since 2017, the Audit Office has recommended the department address the different practices across the local government sector in accounting for rural firefighting equipment. Despite repeated recommendations, the department did little to resolve this issue. At the time of writing, 32 of 118 completed council audits received qualified audit opinions on their 30 June 2022 financial statements.

There continues to be significant deficiencies in Crown land records. The department uses the Crown Land Information Database (CLID) to record key information relating to Crown land in New South Wales that is managed and controlled by the department and land managers. The CLID system was not designed to facilitate financial reporting, and the department is required to conduct extensive adjustments and reconciliations to produce accurate information for the financial statements.

The department implemented the CrownTracker system as a replacement for CLID. The project was finalised in June 2022, but it has not achieved the intended outcomes.

Nine high-risk issues were identified across the cluster related to the findings outlined above and weaknesses in IT general controls, financial reporting, governance processes and internal controls.

Recommendations were made to address these deficiencies.

This report provides Parliament and other users of the Planning and Environment cluster’s financial statements with the results of our audits, analysis, conclusions and recommendations in the following areas:

• financial reporting
• audit observations.

Financial reporting is an important element of good governance. Confidence and transparency in public sector decision-making are enhanced when financial reporting is accurate and timely.

This chapter outlines our audit observations related to the financial reporting of agencies in the Planning and Environment cluster (the cluster) for 2022.

Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision-making.

This chapter outlines our observations and insights from our financial statement audits of agencies in the Planning and Environment cluster.

Appendix one – Misstatements in financial statements submitted for audit

Appendix two – Early close procedures

Appendix three – Timeliness of financial reporting

Appendix four – Financial data

Appendix five – Councils received qualified audit opinions 

Copyright notice

© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.